The GDPR acronym is everywhere at the moment, causing authors to scratch their heads in confusion. I'm one of those authors! Or was, until I did some digging. First, some background:

What the heck does it mean? In its most basic form, it means new laws are coming into place from 25th May, meaning we need to ensure we're looking after the data that relates to an individual, in both electronic and physical documents.

Why should I be bothered? It's very easy to dismiss this and say – “nope, I don't keep any information on anyone.” But sit and have a think. Do you have a newsletter that you send out? Do you outsource any work such as social media support, newsletter distribution and so on? Do you keep a list of people to send ARCs to? Chances are, you are storing information such as people's names, email addresses, and a postal address in one form or another. This means it's time to comply! If you don't, there's the chance of a huge fine.

*Gulp* Okay, so how do I comply?

Here are 5 steps I took to comply. Please note, I am NOT a legal expert and am just sharing the steps I took with you.

1) I got the consent of my current newsletter subscribers: As the law is so new, it's unlikely you will have got the level of consent that's required from your subscribers. So to cover all bases, I contacted all my subscribers asking them to sign up to a new newsletter and making it clear what they'd be signing up for (you don't need to do this, I was just launching a new list!). To make it easy for you, most of us use email marketing tools such as Mailchimp to send out our newsletters. These tools will more than likely have developed an opt-in landing page that is GDPR ready for you, so use that. E.g., the Mailchimp steps can be found here: https://kb.mailchimp.com/accounts/management/collect-consent-with-gdpr-forms So you can send out an email via Mailchimp which covers you.

2) Have a record of consent: I needed to be able to provide a record of exactly where and when a user gave their consent. If you can't, you could be in breach of the law (hence why the step above is so important). Again, if using a provider like Mailchimp, they will have a record of all this. So if you follow the step above, it's covered. If not, make sure you keep a record somewhere secure and safe.

3) Add a Privacy Policy page to your website: On your website, create a page listing the data that you hold and what you do with it. Feel free to copy and paste mine. Then link to it in your enewsletters.

4) Check any online forms you have: Is it made clear what purpose users are providing their data for? Existing forms may need to be re-worded or tweaked to make permissions more explicit.